Hello group, what is the preferred method to connect to asterisk cli over network? I need to run asterisk cli commands remotely. Sharing the unix socket through NFS, if that's working? Or any other approaches, despite using SSH or rlogin, rsh. Thank you Paul
Hi,
The easiest way would be to use asterisk manager interface (some
simple steps to activate it on asterisk are easily found in the docs)
https://wiki.asterisk.org/wiki/display/AST/AMI+Examples
Now you will need a good python library to make it even easier
https://pypi.python.org/pypi/asterisk-ami/0.1.0
example :
# 1- import
from asterisk.ami import AMIClient
from asterisk.ami import SimpleAction
# 2- connect
client = AMIClient(address='192.168.1.100',port=5038)
client.login(username='username',secret='password')
# 3- use
action = SimpleAction(
'Originate',
Channel='SIP/2010',
Exten='2010',
Priority=1,
Context='default',
CallerID='python',
)
client.send_action(action)
# 4- take a break your work is done
REMARQUE: opening up your server to external access need to be done
with a lot of care.
On Tue, Jan 16, 2018 at 10:05 AM, Paul Neuwirth <mail at paul-neuwirth.nl>
wrote:> Hello group,
>
> what is the preferred method to connect to asterisk cli over network? I
> need to run asterisk cli commands remotely.
> Sharing the unix socket through NFS, if that's working?
> Or any other approaches, despite using SSH or rlogin, rsh.
>
> Thank you
>
> Paul
>
> --
> _____________________________________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>
> Check out the new Asterisk community forum at:
https://community.asterisk.org/
>
> New to Asterisk? Start here:
> https://wiki.asterisk.org/wiki/display/AST/Getting+Started
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
> http://lists.digium.com/mailman/listinfo/asterisk-users
On Tue, Jan 16, 2018 at 11:05:01AM +0100, Paul Neuwirth wrote:> Hello group, > > what is the preferred method to connect to asterisk cli over network? I > need to run asterisk cli commands remotely.As others have mentioned: the manager interface is normally better for running over network. The manager interface also has an action calld 'Command' that runs a CLI command. In fact, contrib/scripts/astcli uses it to allow providing a remote console. Permissions needed for your manager user: For most things just: write=command To also be able to originate calls: write=command,originate To also be able to restart / reload: write=command,system> Sharing the unix socket through NFS, if that's working?No.> Or any other approaches, despite using SSH or rlogin, rsh.SSH: should work, sure. However, it means you ssh to root at the remote host. Better set a key with 'command' explicitly set in authorized_keys for this. Rlogin, rsh: seriously? Anybody still uses those? Not only are they way less secure than SSH, they are also way less conveninet than any decent SSH implementation. Anyway, as mentioned before: you should probably use AMI. -- Tzafrir Cohen +972-50-7952406 mailto:tzafrir.cohen at xorcom.com http://www.xorcom.com
On Tue, 16 Jan 2018 18:18:18 +0200 Tzafrir Cohen <tzafrir.cohen at xorcom.com> wrote:> On Tue, Jan 16, 2018 at 11:05:01AM +0100, Paul Neuwirth wrote: > > Hello group, > > > > what is the preferred method to connect to asterisk cli over > > network? I need to run asterisk cli commands remotely. > > As others have mentioned: the manager interface is normally better for > running over network. > > The manager interface also has an action calld 'Command' that runs a > CLI command. In fact, contrib/scripts/astcli uses it to allow > providing a remote console. > > Permissions needed for your manager user: For most things just: > > write=command > > To also be able to originate calls: > > write=command,originate > > To also be able to restart / reload: > > write=command,system > > > Sharing the unix socket through NFS, if that's working? > > No. > > > Or any other approaches, despite using SSH or rlogin, rsh. > > SSH: should work, sure. However, it means you ssh to root at the > remote host. Better set a key with 'command' explicitly set in > authorized_keys for this. > > Rlogin, rsh: seriously? Anybody still uses those? Not only are they > way less secure than SSH, they are also way less conveninet than any > decent SSH implementation. > > Anyway, as mentioned before: you should probably use AMI. >Thank you both. That was (most likely) what I was looking for - but still some worries about sending plaintext passwords... For my simple commands a simple netcat command works for me. Previously used asterisk -rx in scripts. But now asterisk servers and other processes are split over multiple physical servers. A binary or script, making use of encryption and miming asterisk -r would be best. I am wondering, why such a tool is not part of asterisk itself... maybe I give this a try setting up a user (group asterisk) with asterisk -r as "login shell".. and use ssh.. or something like that. It should be that safe, no other commands can be executed..